header('Authorization'); if ($authHeader !== '' && stripos($authHeader, 'Bearer ') === 0) { $token = trim(substr($authHeader, 7)); if ($token === '') { return $this->deny('Missing token.', 401); } try { $user = JWTAuth::setToken($token)->authenticate(); if ($user) { Auth::setUser($user); } } catch (JWTException $e) { $user = null; } } } if (! $user) { return $this->deny('Unauthorized access to documentation.', 401); } if ($response = $this->denyUnavailableAccount($user)) { return $response; } if (! $this->userIsAdmin((int) $user->id)) { return $this->deny('Admin privileges required.', 403); } return $next($request); } private function userIsAdmin(int $userId): bool { return DB::table('user_roles as ur') ->join('roles as r', 'r.id', '=', 'ur.role_id') ->where('ur.user_id', $userId) ->whereNull('ur.deleted_at') ->whereRaw('LOWER(r.name) = ?', ['admin']) ->exists(); } private function denyUnavailableAccount(object $user): ?Response { $status = strtolower(trim((string) ($user->status ?? ''))); $isVerified = filter_var($user->is_verified ?? false, FILTER_VALIDATE_BOOLEAN); $isSuspended = filter_var($user->is_suspended ?? false, FILTER_VALIDATE_BOOLEAN); if (! $isVerified || $status !== 'active' || $isSuspended) { return response()->json(['message' => 'Account unavailable.'], 403); } return null; } private function deny(string $message, int $status): Response { return response()->json([ 'status' => false, 'message' => $message, ], $status); } }